dolibarr-bugtrack

[Dolibarr-bugtrack] [Bug #1437] Security Issue


From: Doliforge
Subject: [Dolibarr-bugtrack] [Bug #1437] Security Issue
Date: Mon, 09 Jun 2014 16:47:36 +0200


Security Issue

Latest modifications

09/06/2014 16:47 (Europe/Paris)

Status

Details
Submitted by: HENRY Florian (fhenry)
Submitted on: 04/06/2014 12:15
Last Modified On: 09/06/2014 12:34
Summary: Security Issue
Description: Deepak Rathore address@hidden sent a security report on Dolibarr to the foundation by mail
Steps to reproduce bug: Check attachment
Detected in version: 3.5.2
Category: Security
Severity: 8
OS Type/Version:
PHP version:
Database type and version:

Status
Status: Open
Assigned to: HENRY Florian (fhenry)
Resolution: None

Comments

Cedric GROSS 09/06/2014 16:47
http://www.php.net/manual/fr/function.filter-input.php and so on could be a solution.
HENRY Florian 09/06/2014 12:34
Some of them can be fixed, because GETPOST even with 'alpha' test does not
warn if input is
"2%2F0%2F1234%3cscript%3ealert%2893275%29%3c%2fscript%3e"
for example

I don't have a magical solution for this kind of security issue
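
The input check and output encoding that the two comments above point toward, as an added example that is not part of the thread or of Dolibarr's code. The helper `accept_param` and the digits-and-slashes pattern are assumptions; `filter_var` is used because it takes the same filters as the linked `filter_input` but works on a plain variable, so the script runs without a web request.

```php
<?php
declare(strict_types=1);

// Constructed input: the encoded value quoted in the comment above.
// PHP URL-decodes query-string values before they reach $_GET, so
// rawurldecode() stands in for that step in this offline script.
$encoded  = '2%2F0%2F1234%3cscript%3ealert%2893275%29%3c%2fscript%3e';
$received = rawurldecode($encoded);

/**
 * Hypothetical helper (not Dolibarr's GETPOST): return the value only if
 * the whole string matches the allowlist pattern, otherwise return null.
 */
function accept_param(string $value, string $pattern): ?string
{
    $ok = filter_var($value, FILTER_VALIDATE_REGEXP, [
        'options' => ['regexp' => $pattern],
    ]);
    return $ok === false ? null : $ok;
}

// Assumed allowlist for this parameter: digits separated by slashes.
// \A and \z anchor the match so trailing markup cannot ride along.
$pattern = '/\A[0-9]+(?:\/[0-9]+)*\z/';

// A well-formed value and the decoded sample go through the same check.
var_dump(accept_param('2/0/1234', $pattern));
var_dump(accept_param($received, $pattern));

// Validation can miss a case, so the value is also encoded at the point
// where it is written into HTML.
echo htmlspecialchars($received, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'), PHP_EOL;
```

In a real request handler the same filter and options array can be passed to `filter_input(INPUT_GET, ...)` in place of `filter_var`.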

